Free Self-service password reset (SSPR) functionality for users on a Windows Server-based Active Directory (AD) environment

blog.payperitem.com, April 7, 2025April 7, 2025

✅ 1. Open Source SSPR Solutions

🔹 1.1. PwdReset

GitHub: https://github.com/LussacZheng/PwdReset
A simple ASP.NET-based self-service password reset web portal for AD users.
Users answer security questions to reset their password.
Deploy on IIS.

Features:

User authentication via AD.
Web portal for password reset.
Secure question/answer mechanism.

💡 Useful for small-to-mid scale environments.

🔹 1.2. Self Service Password (LDAP Tool)

Website: https://ltb-project.org/documentation/self-service-password/
PHP-based self-service password reset tool for LDAP (including AD).
Often used with Apache + PHP on Linux, but works with Windows via WAMP/XAMPP.

Features:

AD or LDAP backend.
CAPTCHA support.
Mail notification.
Security questions and token-based reset.
Can be integrated with Samba AD or Windows Server AD.

Setup requirements:

PHP web server (Apache/IIS with PHP).
Bind account with permissions to change passwords in AD.

✅ 2. Configuration Guide for LTB Self Service Password with Windows AD

Install Apache + PHP (or use WAMP/XAMPP).
Download the tool: bash clone https://github.com/ltb-project/self-service-password.git
Edit config: conf/config.inc.php php $ldap_url = "ldap://your-ad-server.domain.local"; $ldap_binddn = "CN=svc-ldap,OU=ServiceAccounts,DC=domain,DC=local"; $ldap_bindpw = "your-password"; $ldap_base = "DC=domain,DC=local"; $ad_mode = true; $who_change_password = "manager"; // Or "user" $mail_from = "noreply@domain.local"; $notify_on_change = true; $use_questions = true;
Enable password write-back permissions:
- Ensure the bind account has “Reset password” permission on user objects in AD.
Configure IIS (optional) if using Windows-native web server instead of Apache.
Test with a regular domain user.

✅ 3. Optional Enhancements

ReCAPTCHA Integration: Prevent brute-force.
Email-based OTP reset: Add PHPMailer for SMTP integration.
HTTPS: Ensure the site is secured with a TLS cert (Let’s Encrypt or internal PKI).

✅ 4. Alternatives (Freeware, Not Fully Open Source)

Tool	License	Notes
AdPassMon	Freeware	Tray utility for end-users
Password Reset Portal (from MS)	Built into Azure/Hybrid	Requires Azure AD P1
RSAT Password Reset Tool	Free with RSAT	Admin tool only, not for self-service

✅ TL;DR Setup Recommendation

Use LTB Self-Service Password for a solid web-based portal.
Runs on PHP, supports AD, security questions, and email.
Free and customizable.
Best hosted on Linux but also works on Windows with IIS + PHP.

Active Directory Networking Server 2025 Website Windows

The Windows 11 “Sudo” Feature: A Step Forward or a Hacker’s Dream?

January 21, 2025January 21, 2025

Windows 11’s latest update (version 24H2) has introduced the “sudo” command, inspired by UNIX-based systems. This feature streamlines running elevated commands, making administrative tasks quicker and more accessible for users. However, as with any tool, its utility can be a double-edged sword. Let’s explore why this feature is amazing, how…

Configuring an SLA (Service Level Agreement) in ServiceNow

April 15, 2025

Configuring an SLA (Service Level Agreement) in ServiceNow involves multiple components working together to define and track performance against agreed-upon service levels. Here’s a high-level guide to walk you through the core configuration: 🔧 Step-by-Step: Configure SLA in ServiceNow 1. Enable SLA Plugin First, ensure that the SLA plugin is…

Configure Softnet ethernet VPN server on Azure step by step

April 17, 2025April 18, 2025

o set up a SoftEther VPN Server on Azure, using a Windows VM, here’s a complete step-by-step guide to get it running securely and efficiently. 🛠️ Overview 🔧 Prerequisites 🧱 Step-by-Step Setup ✅ Step 1: Create a Windows VM in Azure ✅ Step 2: Connect to the VM ✅ Step…